Creating and Managing Effective Acceptable Use Policies - Slide 5

Employees should be reminded of the AUP and some of the implications of breaking it. Policy breaches, accidental or otherwise, should result in a notification (via email or Web page) to the user telling them what they did, why it was wrong and reminding them that they are being monitored. With increased Web usage in the workplace, it is also a good idea to have a regular reminder displayed in the browser where the user has to acknowledge acceptance of the corporate AUP on a daily, weekly or monthly basis before continuing. Training and educating staff about IT security will also help with visibility and ensure that users understand that the AUP is there as much to protect them from phishing attacks, obscenity and abuse as it is about controlling what they do during working hours as well as protect the organization’s infrastructure.

Nearly all organizations now rely upon information technology to do business. Most office-based employees have access to a computer and many have a laptop or PC that is dedicated to their business use but also for their own personal use. Both email and the Internet provide employees with essential tools that enable them to do their jobs. However, technology is also open to abuse.

For many years employers have issued guidelines to their staff relating to the acceptable use of telephones at work. Most companies usually adopt a pragmatic approach and permit reasonable personal use of their telephones, excluding, for example, lengthy or international calls. Others have been more draconian and issued a clear edict that no personal use is permitted whatsoever. With the increased importance and use of email and Web at the workplace, these guidelines are frequently extended to include all areas of information technology, eventually becoming what is commonly called an acceptable use policy (AUP).

AUPs have become far more important than simply ensuring a user isn’t spending their whole working day surfing the Web, exchanging jokes and pictures or chatting with their friends or family. The reliance upon IT and the nature of the data that passes through it is often fundamental to the successful and smooth running of a business or organization. Any compromise or failure of the system has the potential to be catastrophic and can result in anything ranging from the merely irritating or mildly embarrassing to criminal prosecution and a prison sentence for corporate officers.

An effective AUP, especially when used as the basis for an IT security training program for all members of staff, can help ensure productivity while increasing security. As such, a good AUP can be viewed by employers and employees as a positive (rather than restrictive) measure, by providing a guideline that enables the use of technology for everyone without the risks.

The content of an AUP will undoubtedly vary between organizations. Regardless of content, however, M86 Security contends that to be really successful an acceptable use policy must meet the following criteria.

Cost reduction has been the main driver of IIoT adoption. Other contributors are the emergence of ancillary and complementary technologies, including low-power hardware devices, the cloud, Big Data analytics, robotics and automation and smart sensors. ... More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.